Trust Assessment
daily-devotional-auto received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 33 findings: 15 critical, 3 high, 13 medium, and 2 low severity. The key finding classes are arbitrary command execution (`child_process` requires and `execSync` calls, four of them fed by untrusted or LLM-generated text), unsafe deserialization / dynamic eval, and a missing required `name` field in the SKILL.md frontmatter.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100; it accounts for 14 of the 15 critical findings (the `child_process` patterns listed below).
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (33)
| Severity | Finding | Detail | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Arbitrary command execution | Node.js `child_process` require | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | `skills/snail3d/daily-devotional-auto/create-sample-devotional.js:7` |
| CRITICAL | Arbitrary command execution | Node.js `child_process` require | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | `skills/snail3d/daily-devotional-auto/scripts/daily-devotional.js:16` |
| CRITICAL | Arbitrary command execution | Node.js `child_process` require | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | `skills/snail3d/daily-devotional-auto/scripts/devotional-generator.js:10` |
| CRITICAL | Arbitrary command execution | Node.js `child_process` require | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | `skills/snail3d/daily-devotional-auto/scripts/reply-as-bot.js:11` |
| CRITICAL | Arbitrary command execution | Node.js `child_process` require | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | `skills/snail3d/daily-devotional-auto/scripts/thumbnail-generator.js:8` |
| CRITICAL | Arbitrary command execution | Node.js synchronous shell execution | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | `skills/snail3d/daily-devotional-auto/create-sample-devotional.js:92` |
| CRITICAL | Arbitrary command execution | Node.js synchronous shell execution | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | `skills/snail3d/daily-devotional-auto/create-sample-devotional.js:123` |
| CRITICAL | Arbitrary command execution | Node.js synchronous shell execution | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | `skills/snail3d/daily-devotional-auto/create-sample-devotional.js:194` |
| CRITICAL | Arbitrary command execution | Node.js synchronous shell execution | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | `skills/snail3d/daily-devotional-auto/create-sample-devotional.js:208` |
| CRITICAL | Arbitrary command execution | Node.js synchronous shell execution | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | `skills/snail3d/daily-devotional-auto/scripts/daily-devotional.js:427` |
| CRITICAL | Arbitrary command execution | Node.js synchronous shell execution | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | `skills/snail3d/daily-devotional-auto/scripts/daily-devotional.js:531` |
| CRITICAL | Arbitrary command execution | Node.js synchronous shell execution | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | `skills/snail3d/daily-devotional-auto/scripts/devotional-generator.js:135` |
| CRITICAL | Arbitrary command execution | Node.js synchronous shell execution | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | `skills/snail3d/daily-devotional-auto/scripts/thumbnail-generator.js:128` |
| CRITICAL | Arbitrary command execution | Node.js synchronous shell execution | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | `skills/snail3d/daily-devotional-auto/scripts/thumbnail-generator.js:239` |
| CRITICAL | Command injection via `execSync` with user comment | `scripts/reply-as-bot.js` builds a Python script string (`pythonScript`) that directly embeds `commentText` (taken from untrusted YouTube comments) and then runs it with ``execSync(`python3 -c "${pythonScript}"`, ...)``. Because `execSync` always goes through the shell, a comment containing shell metacharacters (e.g. `$(evil_command)`) or Python string delimiters (e.g. `"""` or `'; import os; os.system("rm -rf /") #`) can execute arbitrary commands on the host. | Do not pass dynamically built command strings containing untrusted input to `execSync`. Use `child_process.spawn` with an argument array so each argument is delivered to the child verbatim and never parsed by a shell. For the Python helper, pass data on stdin or as separate arguments, and if it must be embedded in Python source, escape it for Python string syntax first. | LLM | `scripts/reply-as-bot.js:190` |
| HIGH | Command injection via `execSync` with AI-generated prompt | In `scripts/thumbnail-generator.js`, `generateThumbnail` builds a shell command (`cmd`) of the form `uv run ${nanoBananaScript}` that embeds an AI-generated `prompt` string. That prompt is derived from devotional content, which is itself LLM-generated from news and user suggestions. The `prompt` is wrapped in double quotes inside `cmd`, but a `"`, `$(evil_command)` or backticks in the generated text would terminate the quoted string and be interpreted by the shell, giving arbitrary command execution. | Treat LLM output as untrusted input: apply proper shell escaping to any AI-generated or external content before it reaches a shell command, and prefer `child_process.spawn` with an argument array over `execSync` with a single string. | LLM | `scripts/thumbnail-generator.js:100` |
| HIGH | Command injection via `execSync` with AI-generated text overlay | In `scripts/thumbnail-generator.js`, `addTextOverlay` builds a Python script string (`pythonScript`) that embeds AI-generated devotional content (title, scripture, date, etc.) and runs it with ``execSync(`python3 -c "${pythonScript}"`, ...)``. Python string delimiters (e.g. `"""`) or shell metacharacters in the generated content can lead to arbitrary command execution. | Do not embed untrusted or AI-generated content in command strings. Pass the data as arguments or via stdin, and escape anything that must be embedded in the Python script for Python string syntax. | LLM | `scripts/thumbnail-generator.js:130` |
| HIGH | Command injection via `execSync` with AI-generated FFmpeg text | In `scripts/daily-devotional.js`, `renderVideoWithTitle` builds an `ffmpeg` command string (`ffmpegCmd`) that embeds AI-generated devotional content (title, scripture, scriptureText) in `drawtext` overlays and runs it with `execSync`. The code attempts to escape single quotes (`.replace(/'/g, "\'")`), but no other shell metacharacters are handled: a `"` can break out of the `drawtext` filter argument and `$(evil_command)` is expanded by the shell. Note also that in a JavaScript string literal `"\'"` is simply the one-character string `'`, so if the replacement really is written that way it is a no-op and even single quotes are not escaped; check the actual source. | Escape AI-generated content for both the shell and the `ffmpeg` filter-graph syntax before embedding it, or avoid the problem by passing the text through `drawtext`'s `textfile=` option instead of inline. Prefer `child_process.spawn` with an argument array over `execSync` with a single string. | LLM | `scripts/daily-devotional.js:150` |
| MEDIUM | Unsafe deserialization / dynamic eval | Decryption followed by code execution | Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via `eval`, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | `skills/snail3d/daily-devotional-auto/scripts/check-comments.js:199` |
| MEDIUM | Unsafe deserialization / dynamic eval | Decryption followed by code execution | Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via `eval`, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | `skills/snail3d/daily-devotional-auto/scripts/daily-devotional.js:301` |
| MEDIUM | Unsafe deserialization / dynamic eval | Decryption followed by code execution | Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via `eval`, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | `skills/snail3d/daily-devotional-auto/scripts/daily-devotional.js:314` |
| MEDIUM | Unsafe deserialization / dynamic eval | Decryption followed by code execution | Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via `eval`, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | `skills/snail3d/daily-devotional-auto/scripts/reply-as-bot.js:113` |
| MEDIUM | Unsafe deserialization / dynamic eval | Decryption followed by code execution | Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via `eval`, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | `skills/snail3d/daily-devotional-auto/scripts/reply-as-bot.js:119` |
| MEDIUM | Unsafe deserialization / dynamic eval | Decryption followed by code execution | Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via `eval`, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | `skills/snail3d/daily-devotional-auto/scripts/reply-as-bot.js:124` |
| MEDIUM | Unsafe deserialization / dynamic eval | Decryption followed by code execution | Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via `eval`, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | `skills/snail3d/daily-devotional-auto/scripts/reply-as-bot.js:131` |
| MEDIUM | Unsafe deserialization / dynamic eval | Decryption followed by code execution | Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via `eval`, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | `skills/snail3d/daily-devotional-auto/scripts/thumbnail-generator.js:276` |
| MEDIUM | Missing required field: `name` | The `name` field is required for claude_code skills but is missing from the frontmatter. | Add a `name` field to the SKILL.md frontmatter. | Static | `skills/snail3d/daily-devotional-auto/SKILL.md:1` |
| MEDIUM | Sensitive environment variable access: `$HOME` | Access to the sensitive environment variable `$HOME` detected in a shell context. | Verify that this access is necessary and that the value is not exfiltrated. | Static | `skills/snail3d/daily-devotional-auto/check-comments-twice-daily.sh:20` |
| MEDIUM | Sensitive environment variable access: `$HOME` | Access to the sensitive environment variable `$HOME` detected in a shell context. | Verify that this access is necessary and that the value is not exfiltrated. | Static | `skills/snail3d/daily-devotional-auto/run-daily.sh:17` |
| MEDIUM | Unpinned npm dependency version | Dependency `axios` is not pinned to an exact version (`^1.6.0`). | Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | `skills/snail3d/daily-devotional-auto/package.json` |
| MEDIUM | Direct execution of external skill's script | `run-daily.sh` directly invokes a script (`upload-simple.js`) from another skill package (`youtube-studio`) located in the user's home directory. This creates a hard dependency and implicitly grants `daily-devotional-auto` the ability to execute code from `youtube-studio`. If `youtube-studio` were compromised or vulnerable, `daily-devotional-auto` would inherit those risks, and any resulting actions would run in `daily-devotional-auto`'s context. | Isolate skill execution environments where possible. If direct invocation is necessary, vet `youtube-studio` thoroughly, maintain its integrity, and verify the script (for example by checking a pinned hash) before invoking it. | LLM | `run-daily.sh:37` |
| LOW | Node lockfile missing | `package.json` is present but no lockfile was found (`package-lock.json`, `pnpm-lock.yaml`, or `yarn.lock`). | Commit a lockfile for deterministic dependency resolution. | Dependencies | `skills/snail3d/daily-devotional-auto/package.json` |
| LOW | Unpinned `axios` dependency in `package.json` | `package.json` specifies `axios: "^1.6.0"`. The caret (`^`) allows minor and patch updates, so a future `npm install` can pull in any `1.x.x` version at or above `1.6.0`. `axios` is widely used and generally trusted, but this introduces a supply-chain risk if a malicious update is published or a vulnerability lands in a later minor version. | Pin dependencies to exact versions (e.g. `"axios": "1.6.0"`) for deterministic builds and to prevent unexpected upstream changes. Audit and update dependencies regularly. | LLM | `package.json:19` |
Full report: https://skillshield.io/report/ca3d4f32cdbb61d0 (powered by SkillShield)